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Towards  Trust-based  Cognitive  Networks: 

A  Survey  of  Trust  Management  for  Mobile  Ad  Hoc  Networks 


Abstract 

Managing  trust  in  a  distributed  Mobile  Ad  Hoc  Network  (MANET)  is  challenging  when  collaboration  or 
cooperation  is  critical  to  achieving  mission  and  system  goals  such  as  reliability,  availability,  scalability,  or 
reconfigurability.  In  defining  trust  and  managing  trust  in  a  military  MANET,  we  must  consider  the 
interactions  between  the  composite  cognitive,  social,  information  and  communication  networks,  and 
take  into  account  the  severe  resource  constraints  (e.g.,  computing  power,  energy,  bandwidth,  time),  and 
dynamics  (e.g.,  topology  changes,  mobility,  node  failure,  propagation  channel  conditions)  in  a  military 
MANET.  We  seek  to  combine  notions  of  "social  trust"  derived  from  social  networks  with  "quality-of- 
service  (QoS)  trust"  derived  from  communication  networks  to  obtain  a  composite  trust  metric.  We  will 
discuss  the  concept  and  properties  of  trust  and  derive  some  unique  characteristics  of  trust  in  MANETs, 
drawing  upon  social  notions  of  trust.  We  will  give  a  survey  of  trust  management  schemes  developed  for 
MANETs  and  will  discuss  generally  accepted  classifications,  potential  attacks,  and  trust  metrics  in 
MANETs.  Finally,  we  will  suggest  future  research  directions  on  trust  management  in  MANETs  based  on 
the  concept  of  social  and  cognitive  networks. 


1.  Introduction 


Security  protocol  designers  for  mobile  ad  hoc  networks  (MANETs)  face  technical  challenges  due  to  severe 
resource  constraints  in  bandwidth,  memory  size,  battery  life,  computational  power,  and  unique  wireless 
characteristics  such  as  openness  to  eavesdropping,  high  security  threats  or  vulnerability,  unreliable 
communication,  and  rapid  changes  in  topologies  or  memberships  due  to  user  mobility  or  node  failure. 
Security  in  a  tactical  network  includes  notions  of  communications  security  which  is  amenable  to 
quantification  and  analysis,  as  well  as  the  perception  of  security  which  is  harder  to  quantify. 

The  concept  of  "Trust"  originally  derives  from  the  social  sciences  and  is  defined  as  the  degree  of 
subjective  belief  about  the  behaviors  of  a  particular  entity.  Blaze  et  al.  [9]  first  introduced  the  term  "Trust 
Management"  and  identified  it  as  a  separate  component  of  security  services  in  networks.  Trust 
management  in  MANETs  is  needed  when  participating  nodes,  without  any  previous  interactions,  must 
establish  a  network  with  an  acceptable  level  of  trust  relationships  among  themselves.  Typical  examples 
include  building  initial  trust  bootstrapping,  coalition  operation  without  predefined  trust,  third-party 
certificate  authentication  when  links  are  down,  and  in  ensuring  safety  in  battlefield  situations  [11].  In 
addition,  trust  management  has  diverse  applicability  in  many  decision  making  situations  including 
intrusion  detection  [3,  4],  authentication  [14,  34,  42],  access  control  [2,  28,  45],  and  isolation  of 
misbehaving  nodes  for  effective  routing  [6,  7,  8, 14, 16,  22,  30,  33,  34,  35,  39, 42, 46, 47]. 

Trust  management,  including  trust  establishment,  trust  update,  and  trust  revocation,  is  much  more 
challenging  in  a  MANET  than  in  traditional  centralized  environments.  For  example,  collecting  trust 
information  or  evidence  to  evaluate  trustworthiness  is  difficult  due  to  mobility  induced  changes  in 
network  topology.  Resource  constraints  further  confine  the  trust  evaluation  process  to  only  local 
information,  so  that  trust  establishment  would  be  based  on  incomplete  and  incorrect  information.  The 
dynamic  nature  and  characteristics  of  MANETs  result  in  uncertainty  and  incompleteness  of  the  trust 
evidence  that  is  continuously  changing  over  time  [11]. 

Despite  a  couple  of  surveys  on  trust  [26,  37],  a  comprehensive  survey  of  trust  management  in  MANETs 
does  not  exist  and  is  the  main  aim  of  this  paper.  The  contributions  of  this  paper  are:  (1)  to  give  a  clear 
definition  of  trust  in  the  communication  and  networking  field,  (2)  to  extensively  survey  the  existing  trust 
management  schemes  developed  for  MANETs,  and  (3)  to  address  novel  trust  metrics  for  MANETs  based 
on  the  concepts  of  social  and  cognitive  networks. 

The  rest  of  this  paper  is  organized  as  follows.  In  Section  2,  we  introduce  the  concept  of  trust  and  provide 
a  clear  distinction  between  trust  and  trustworthiness,  and  also  discuss  the  relationship  between  trust 
and  risk.  We  also  introduce  the  properties  of  trust  as  well  as  the  main  characteristics  of  trust  in  MANETs. 
Section  3  surveys  generally  accepted  classifications  of  trust  management  schemes;  attack  models 
considered  in  current  trust  management  schemes;  trust  metrics  including  the  concepts  of  social  trust 
and  quality-of-service  (QoS)  trust;  and  a  survey  of  existing  trust  management  schemes  for  MANETs. 
Section  4  briefly  describes  future  directions  for  developing  trust  management  schemes  in  MANETs  as 
well  as  our  ongoing  research  based  on  the  concepts  of  social  networks  and  cognitive  networks.  Section  5 
concludes  this  paper. 


2.  Concept  and  Properties  of  Trust 


We  review  how  trust  is  defined  in  different  fields  and  how  these  trust  concepts  can  be  applied  in 
modeling  network  trust.  Further,  we  examine  the  relationship  between  trust  and  risk:  how  trust  can  be 
defined  in  order  to  realistically  reflect  the  unique  characteristics  of  MANETs. 

2.1  What  is  Trust? 

There  are  multiple  definitions  of  trust,  ranging  from  the  Merriam  Webster  dictionary  definition  of 
"assured  reliance  on  the  character,  strength,  or  truth  of  someone  or  something";  Gambetta's  definition 
of  sociological  trust  [13]  as  a  subjective  probability  that  the  particular  action  that  will  be  performed  by 
an  agent;  definitions  in  economics  based  on  the  notion  that  humans  are  rational  and  seek  to  maximize 
their  own  utility  functions  [19];  definitions  in  psychology  that  involve  reciprocity,  loss  and  restoration 
[49];  definitions  in  organizational  management  as  the  willingness  to  take  risk  or  be  vulnerable  [31], 
which  need  not  be  reciprocal,  or  mutual;  to  the  modeling  of  trust  in  human-agent  interactions. 

The  concept  of  trust  is  important  to  communication  and  network  protocol  designers  where  establishing 
trust  relationships  among  participating  nodes  is  critical  to  enabling  collaborative  optimization  of  system 
metrics.  According  to  Eschenauer  et  al.  [11],  trust  is  defined  as  "a  set  of  relations  among  entities  that 
participate  in  a  protocol.  These  relations  are  based  on  the  evidence  generated  by  the  previous 
interactions  of  entities  within  a  protocol.  In  general,  if  the  interactions  have  been  faithful  to  the 
protocol,  then  trust  will  accumulate  between  these  entities."  Trust  has  also  been  defined  as  the  degree 
of  belief  about  the  behavior  of  other  entities  (or  agents)  [10],  often  with  an  emphasis  on  context  [26], 

2.2Trust,  Trustworthiness,  and  Risk 
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In  the  literature,  the  terms  trust  and  trustworthiness  seem  to  be  interchangeably  used  without 
clear  distinction.  Josang  et  al.  [21]  clarified  the  difference  between  trust  and  trustworthiness 
based  on  their  definitions  provided  by  Gambetta  [13].  The  level  of  trust  is  defined  as  the  belief 
probability  varying  from  0  (complete  distrust)  to  1  (complete  trust)  [21].  In  this  sense, 
trustworthiness  is  a  measure  of  the  actual  probability  that  the  trustees  will  behave  as  expected. 


Solhaug  et  ai  [58]  define  trustworthiness  as  the  objective  probability  that  the  trustee  performs 
a  particular  action  on  which  the  interests  of  the  trustor  depend.  Figure  1  [38]  explains  how  trust 
(i.e.,  subjective  probability  of  trust  level)  and  trustworthiness  (i.e.,  objective  probability  of  trust 
level)  can  differ  and  how  the  difference  affects  the  level  of  risk  the  trustor  needs  to  take.  In 
Figure  1,  the  diagonal  dashed  line  is  assumed  to  be  marks  of  well-founded  trust  in  which  the  subjective 
probability  of  trust  (i.e.,  trust)  is  equivalent  to  the  objective  probability  (i.e.,  trustworthiness).  Depending 
on  the  extent  to  which  the  trustor  is  ignorant  about  the  difference  between  the  believed  (i.e.,  trust)  and 
the  actual  (i.e.,  trustworthiness)  probability,  there  is  inconclusiveness  about  or  a  miscalculation  of  the 
involved  risk.  That  is,  the  subjective  aspect  of  trust  brings  incorrect  risk  estimation  and  wrong  risk 
management  accordingly.  Figure  1  shows  cases  in  which  the  probability  is  miscalculated.  In  the  area 
below  the  diagonal  line,  there  is  misplaced  trust  to  various  degrees  that  the  perceived  trust  is  higher 
than  the  actual  trustworthiness.  Even  though  risk  is  an  intrinsic  characteristic  of  trust,  even  well- 
founded  trust,  misplaced  trust  increases  risk  and  thus  the  chance  of  deceit,  as  shown  in  the  example 
marked  with  a  and  b  in  Figure  1.  On  the  other  hand,  when  the  perceived  trust  is  lower  than  the  actual 
trustworthiness  as  shown  in  the  example  marked  with  o,  the  trustee  is  distrusted  more  than  warranted. 
In  this  case,  the  trustor  may  lose  potentially  good  opportunities  to  cooperate  with  partners  with  high 
trustworthiness. 

From  the  above  discussions,  we  can  conclude  that  careful  risk  estimation  is  closely  linked  with  building 
accurate  trust  relations  among  participating  entities  in  the  networks.  One  can  also  distinguish  between 
two  types  of  trust  [21]:  (1)  a  context  independent  reliability  trust  which  measures  the  perceived 
reliability  of  another  party  regardless  of  the  situations  which  the  trustor  might  face  by  recognizing 
possible  risk;  (2)  decision  trust  as  "the  extent  to  which  a  given  party  is  willing  to  depend  on  something  or 
somebody  in  a  given  situation  with  a  feeling  of  relative  security  even  though  negative  consequences  are 
possible."  Decision  trust  deals  with  components  including  utility  and  risk  attitude.  As  an  example,  one 
may  not  trust  an  old  rope  for  climbing  from  the  3rd  floor  of  a  building  during  a  fire  exercise  (reliability 
trust)  while  trusting  the  rope  in  a  real  fire  (decision  trust). 

The  relationship  between  trust  and  risk  has  been  studied  in  [21,  38].  Figure  2  shows  an  example  of  three 
different  risk  values:  low,  medium,  and  high.  The  risk  value  is  low  for  all  trust  values  when  the  stake  is 
close  to  zero.  If  the  stake  is  too  high,  risk  is  regarded  as  high  regardless  of  the  estimated  trust  value.  The 
risk  is  generally  low  when  the  trust  value  is  high.  However,  the  risk  value  should  be  determined  based  on 
the  value  at  stake  as  well  as  the  risk  probability;  as  shown  in  Figure  2  high  risk  exists  even  for  the  case  of 
trust  value  =  1.  Also  important  are  the  aspects  (or  probability)  of  opportunity  and  prospect  (or  the 
positive  consequence  of  an  opportunity)  [21,  38].  To  buy  rubber  is  to  do  risky  business,  but  it  also  gives 
the  opportunity  of  selling  refined  products  with  net  profit.  The  purchaser  of  rubber  should  estimate  his 
or  her  acceptable  risk  level  in  terms  of  the  calculated  prospects.  In  general,  trust  is  neither  proportional 
nor  inversely  proportional  to  risk  [21,  38]. 

2.3  Properties  of  Trust 

Golbeck  [15]  discusses  the  three  main  properties  of  trust  in  the  context  of  a  social  network  perspective: 
transitivity,  asymmetry,  and  personalization.  First,  trust  is  not  perfectly  transitive  in  a  mathematical 
sense.  That  is,  if  A  trusts  6,  and  B  trusts  C,  it  does  not  guarantee  that  A  trusts  C.  Second,  trust  is  not 
necessarily  symmetric,  meaning  not  identical  in  both  directions.  A  typical  example  of  asymmetry  of  trust 
can  be  found  in  the  relationships  between  supervisors  and  employees.  Third,  trust  is  inherently  a 
personal  opinion.  Two  people  often  evaluate  trustworthiness  about  the  same  entity  differently. 


2.4  Characteristics  of  Trust  in  MANETs 


Due  to  the  unique  characteristics  of  MANETs  and  the  inherent  unreliability  of  the  wireless  medium,  the 
concept  of  trust  in  MANETs  should  be  carefully  defined.  The  main  features  of  trust  in  MANETs  are  as 
follows  [2,  10,  11,  23,  39]: 

1.  A  decision  method  to  determine  trust  against  an  entity  should  be  fully  distributed  since  the 
existence  of  a  trusted  third  party  (such  as  a  trusted  centralized  certification  authority)  cannot  be 
assumed. 

2.  Trust  should  be  determined  in  a  highly  customizable  manner  without  excessive  computation  and 
communication  load,  while  also  capturing  the  complexities  of  the  trust  relationship. 

3.  A  trust  decision  framework  for  MANETs  should  not  assume  that  all  nodes  are  cooperative.  In 
resource-restricted  environments,  selfishness  is  likely  to  be  prevalent  over  cooperation,  for 
example,  in  order  to  save  battery  life  or  computational  power. 

4.  Trust  is  dynamic,  not  static. 

5.  Trust  is  subjective. 

6.  Trust  is  not  necessarily  transitive.  The  fact  that  A  trusts  B  and  B  trusts  C  does  not  imply  that  A 
trusts  C. 

7.  Trust  is  asymmetric  and  not  necessarily  reciprocal. 

8.  Trust  is  context-dependent.  A  may  trust  B  as  a  wine  expert  but  not  as  a  car  fixer.  Similarly,  in 
MANETs,  if  a  given  task  requires  high  computational  power,  a  node  with  high  computational 
power  is  regarded  as  trusted  while  a  node  that  has  low  computational  power  but  is  not  malicious 
(i.e.,  honest)  is  distrusted. 

3.  Trust  Management  for  MANETs 

This  section  surveys  existing  trust  management  schemes  developed  for  MANET  environments.  Before 
reviewing  the  literature,  we  would  like  to  clarify  some  terminologies  that  have  often  been  used 
interchangeably.  In  general,  trust  management  is  interchangeably  used  with  reputation  management 
[26].  However,  there  are  important  differences  between  trust  and  reputation.  Trust  is  active  while 
reputation  is  passive  [24],  That  is,  trust  is  a  node's  belief  in  the  trust  qualities  of  a  peer,  thus  being 
extended  from  a  node  to  its  peer.  Reputation  is  the  perception  that  peers  form  about  a  node.  Also, 
recommendation  is  frequently  used  as  a  way  to  measure  trust  or  reputation.  Recommendation  is  simply 
an  attempt  at  communicating  a  party's  reputation  from  one  community  context  to  another  [1,  37],  As 
most  of  the  literature  agrees,  reputation  management  is  regarded  as  part  of  trust  management  based  on 
widely  accepted  classifications  explained  below. 

3.1  Classifications 

Trust  management  is  a  special  case  of  risk  management  with  a  particular  emphasis  on  authentication  of 
entities  under  uncertainty,  and  decision  making  on  cooperation  with  unknown  entities  [38].  Trust 
management  includes  trust  establishment  (i.e.,  collecting  appropriate  trust  evidences,  trust  generation, 
trust  distribution,  trust  discovery,  and  evaluation  of  trust  evidence),  trust  update,  and  trust  revocation 
[21,  40].  This  section  introduces  popularly  used  classifications  of  trust  management  based  on 
methodologies  used  for  collecting  information  to  evaluate  trust. 


Li  et  al.  [22]  classify  trust  management  as  reputation-based  framework  and  trust  establishment 
framework.  A  reputation-based  framework  uses  direct  observation  and  second-hand  information 
distributed  among  a  network  to  evaluate  other  nodes.  A  trust  establishment  framework  evaluates 
neighboring  nodes  based  on  direct  observations  while  trust  relations  between  two  nodes  with  no  prior 
direct  interactions  are  built  through  a  combination  of  opinions  from  intermediate  nodes. 

Yonfang  [45]  suggests  two  different  approaches  to  evaluate  trust:  policy-based  trust  management  and 
reputation-based  trust  management.  Policy-based  approach  is  based  on  strong  and  objective  security 
schemes  such  as  logical  rules  and  verifiable  properties  encoded  in  signed  credentials  for  access  control  of 
users  to  resources.  Such  a  policy-based  trust  management  approach  usually  makes  binary  decision 
according  to  which  the  requester  is  trusted  or  not,  and  accordingly  the  access  request  is  allowed  or  not. 
Due  to  the  binary  nature  of  trust  evaluation,  policy-based  trust  management  has  less  flexibility.  On  the 
other  hand,  reputation-based  trust  management  utilizes  numerical  and  computational  mechanism  to 
evaluate  trust.  Typically,  trust  is  calculated  by  collecting,  aggregating,  and  disseminating  reputation 
among  the  entities. 

According  to  Li  and  Singhal  [26],  trust  management  is  classified  as  evidence-based  trust  management 
and  monitoring-based  trust  management.  Evidence-based  trust  management  considers  anything  that 
proves  the  trust  relationships  among  nodes  including  public  key,  address,  identity,  or  any  evidence  that 
any  node  can  generate  for  itself  or  other  nodes  through  a  challenge/response  process.  Monitoring-based 
trust  management  rates  the  trust  level  of  each  participating  node  based  on  direct  information  (e.g., 
observing  neighboring  nodes'  benign  or  malign  behaviors  such  as  packet  dropping  or  packet  flooding)  as 
well  as  indirect  information  (e.g.,  reputation  ratings  forwarded  from  other  nodes  such  as 
recommendation). 

Classifications  of  reputation  management  schemes  may  be  found  in  [2]  and  [45]. 

3.2  Potential  Attacks 

Liu  et  al.  [25]  describe  the  characteristics  of  attacks  in  MANETs  by  both  the  nature  of  attack  and  the  type 
of  attacker.  One  classification  of  attacks  is  passive  attack  versus  active  attack.  Passive  attack  occurs 
when  an  unauthorized  party  gains  access  to  an  asset  but  does  not  modify  its  content.  Passive  attack  can 
be  either  eavesdropping  or  traffic  analysis  (e.g.,  traffic  flow  analysis).  Eavesdropping  indicates  that  the 
attacker  monitors  transmissions  of  message  content.  Traffic  analysis  refers  to  analyzing  patterns  of  data 
transmission.  That  is,  in  a  more  subtle  way,  the  attacker  gains  intelligence  by  monitoring  transmitted 
data  content.  Active  attack  occurs  when  an  unauthorized  party  modifies  a  message,  data  stream,  or  file. 
Active  attack  usually  takes  the  form  of  one  of  the  following  four  types  or  combinations:  masquerading 
(i.e.,  impersonation  attack),  replay  (i.e.,  retransmitting  messages),  message  modification,  and  denial-of- 
service  (DoS)  (i.e.,  excessive  resource  consumptions  in  networks). 

Attacks  can  be  classified  broadly  as  insider  attack  versus  outsider  attack  [25].  If  an  entity  is  authorized  to 
access  system  resources  but  employs  them  in  a  malicious  way,  it  is  classified  as  an  insider  attack.  On  the 
other  hand,  an  outsider  attack  is  initiated  from  unauthorized  or  illegitimate  user  from  the  system.  They 
usually  acquire  access  to  an  authorized  account  and  try  to  perpetrate  an  inside  attacker.  Both  attackers 
may  spoof  network  protocols  to  effectively  acquire  access  to  an  authorized  account. 


Many  trust  management  schemes  are  devised  to  detect  misbehaving  nodes,  both  selfish  nodes  and 
malicious  nodes.  Specific  examples  of  network  layer  attacks  are  as  follows  [10, 11,  12,  17, 18,  22,  25,  26, 
39,  43]: 

•  Routing  loop  attack:  A  malicious  node  may  modify  routing  packets  in  such  a  way  that  the 
packets  traverse  a  cycle,  so  that  the  packet  does  not  reach  the  intended  destination. 

•  Wormhole  attack:  A  group  of  cooperating  malicious  nodes  can  pretend  to  connect  two  distant 
points  in  the  network  with  a  low-latency  communication  link  called  wormhole  link,  causing 
disruptions  in  normal  traffic  load  and  flow. 

•  Black  hole  attack:  A  malicious  node,  the  so  called  black  hole  node,  may  respond  always 
positively  for  route  requests  even  without  proper  routing  information.  The  black  hole  can  drop 
all  packets  forwarded  to  it. 

•  Gray-hole  attack:  A  malicious  node  may  selectively  drop  packets,  as  a  special  case  of  black  hole 
attack.  Variations  include  the  sinkhole  attacker  that  selectively  routes  packets. 

•  Denial-of-Service  (DoS)  attack:  A  malicious  node  may  block  the  normal  use  or  management  of 
communications  facilities,  for  example,  by  causing  excessive  resource  consumption. 

•  False  information  or  false  recommendation:  A  malicious  node  may  collude  and  provide  false 
recommendations/information  to  isolate  good  nodes  while  keeping  more  malicious  nodes.  This 
attack  also  called  a  black-mounting  attack. 

•  Incomplete  information :  A  malicious  node  may  not  cooperate  in  providing  proper  or  complete 
information.  Usually  compromised  nodes  collude  to  perform  this  attack.  Distinguishing 
malicious  behaviors  from  normal  behaviors  is  difficult  in  MANETs. 

•  Packet  modification/insertion:  A  malicious  node  may  modify  packets  or  insert  malicious  packets 
such  as  packets  with  incorrect  routing  information. 

•  Newcomer  attack:  A  malicious  node  may  remove  their  bad  reputation/distrust  by  registering  as 
a  new  user.  The  malicious  node  simply  leaves  the  system  and  joins  again  for  trust  revocation, 
flushing  out  previous  bad  history  and  starting  to  accumulate  new  trust. 

•  Sybil  attack:  A  malicious  node  can  offer  multiple  identities  to  the  network  which  can  affect 
topology  maintenance  and  fault  tolerant  schemes  such  as  multi-path  routing. 

•  Blackmailing:  A  malicious  node  can  blackmail  another  node  by  falsely  claiming  that  another 
node  is  malicious  or  misbehaving.  This  can  generate  significant  amount  of  traffic  and  ultimately 
disrupt  the  functionality  of  the  entire  network. 

•  Replay  attacks:  A  malicious  node  may  replay  earlier  transmitted  packets  to  the  network.  If  the 
adversary  replays  route  requests,  old  locations  and  routing  information  might  make  nodes 
unreachable. 

•  Selective  misbehaving  attack:  This  attack  is  derived  from  the  subjective  characteristic  of  the 
trust  management  framework.  A  malicious  node  may  selectively  provide  or  deny  proper 
services. 

•  On-off  attack:  A  malicious  node  may  alternatively  behave  well  and  badly  to  stay  undetected 
while  disrupting  services. 

•  Conflicting  behavior  attack:  A  malicious  node  may  behave  differently  to  nodes  in  different 
groups  to  make  the  opinions  from  different  good  groups  conflicting,  and  ultimately  lead  to  non- 
trusted  relationships. 

3.3  Trust  Metrics  for  MANETs 

Even  though  many  trust  management  schemes  have  been  proposed,  no  work  clearly  addresses  what 
should  be  measured  to  evaluate  trust.  Liu  et  al.  [24]  define  trust  in  their  model  as  reliability,  timeliness, 


and  integrity  of  message  delivery  to  their  intended  next-hop.  Also  most  trust-based  protocols  for  secure 
routing  calculate  a  trust  value  based  on  characteristics  of  well  behaving  nodes  [6,  7,  8,  14, 16,  22,  30,  33, 
34,  35,  39,  42,  46,  47],  Trust  measurement  can  be  application-dependent  and  will  be  different  based  on 
the  design  goals  of  the  proposed  network.  In  this  work,  we  introduce  two  types  of  trust  based  on  trust 
relationships  that  require  measurements  of  different  aspects  of  trust. 

First,  social  trust  refers  to  properties  derived  from  social  relationships.  Examples  of  social  networks  are 
strong  social  relationships  such  as  colleagues  or  relatives  or  loose  social  relationships  such  as  school 
alumni  or  friends  with  common  interests  [44].  Social  trust  may  include  friendship,  honesty,  privacy,  and 
social  reputation/recommendation  derived  from  direct  or  indirect  interactions  for  "sociable"  purpose.  In 
MANETs,  some  metrics  to  measure  these  social  trust  properties  can  be  frequency  of  communications, 
malign  or  benign  behaviors  (e.g.,  false  accusation,  impersonation),  and  quality  of  reputation. 

Second,  QoS  trust  represents  competence,  dependability,  reliability,  successful  experience,  and 
reputation/recommendation  on  task  performance  forwarded  from  direct  or  indirect  interactions  with 
others.  In  designing  network  protocols,  many  prior  works  measured  the  trust  value  of  a  node  based  on 
performance  metrics  such  as  the  node's  energy  or  computational  power,  lifetime,  packet  delivery  rate,  or 
evaluations  using  reputation  or  recommendation  from  other  nodes  about  task  performance.  The  term 
QoS  trust  is  used  in  this  work  to  define  trust  evaluation  mainly  in  terms  of  task  performance  capability. 

3.4  Existing  Trust  Management  in  MANETs 

Trust  management  schemes  have  been  developed  for  specific  purposes  such  as  secure  routing, 
authentication,  intrusion  detection,  and  access  control  (authorization).  Appendix  A  summarizes  existing 
trust  management  schemes  by  scheme  name,  methodology,  attacks  targeted,  performance  metrics  used, 
and  other  notable  characteristics  of  the  proposed  schemes.  In  Appendix  A,  note  that  methodology 
explains  how  trust  evidence  is  collected  and  performance  metrics  refers  to  the  metrics  used  to  evaluate 
the  proposed  trust  management  scheme.  A  narrative  description  of  these  schemes  and  an  overview  of 
some  existing  frameworks  for  trust  evidence  distribution  and  evaluation  will  be  included  in  the  journal 
version  of  this  paper. 

Trust  Evidence  Distribution  and  Evaluation 

Some  trust  management  schemes  have  been  proposed  in  order  to  provide  a  general  framework  for  trust 
evidence  distribution  or  evaluation  in  MANETs.  Jiang  and  Baras  [20]  proposed  a  trust  distribution 
scheme  called  ABED  (Ant-Based  trust  Evidence  Distribution)  based  on  the  swarm  intelligence  paradigm, 
which  is  claimed  to  be  highly  distributed  and  adaptive  to  mobility.  The  swarm  intelligence  paradigm  is 
widely  used  in  dynamic  optimization  problems  (e.g.,  traveling  salesman  problem,  routing  in 
communication  networks)  and  is  inspired  from  artificial  ant  colony  techniques  to  solve  combinatorial 
optimization  problem.  The  key  principle  is  called  stigmergy,  indirect  communication  through  the 
environment.  In  ABED,  nodes  interact  with  each  other  through  "agents"  called  "ants"  that  deposit 
information  called  "pheromones";  based  on  this  the  agents  can  identify  an  optimal  path  for 
accumulating  trust  evidence.  However,  no  specific  attacks  were  considered  in  [20].  Theodorakopoulos 
and  Baras  [40]  proposed  a  trust  evidence  evaluation  scheme  for  MANETs.  The  evaluation  process  is 
modeled  as  a  path  problem  in  a  directed  graph  where  nodes  indicate  entities  and  edges  represent  trust 
relations.  The  authors  employ  the  theory  of  Semirings  to  show  how  two  nodes  can  establish  trust 
relationships  without  prior  direct  interactions.  Their  case  study  uses  the  GP  web  of  trust  to  express  an 


example  trust  model  based  on  Semirings  and  shows  that  their  proposed  scheme  is  robust  in  the 
presence  of  attackers.  However,  their  work  assumes  that  trust  is  transitive.  Further,  trust  and 
confidence  values  are  represented  as  binary  rather  than  as  a  continuous-valued  variable.  Even  though 
no  centralized  trusted  third  party  exists,  their  work  makes  use  of  a  source  node  as  a  trusted 
infrastructure.  Recently  Buckerche  and  Ren  [5]  proposed  a  distributed  reputation  evaluation  prototype 
called  GRE  (Generalized  Reputation  Evaluation)  to  effectively  prevent  malicious  nodes  from  entering  the 
trusted  community.  However,  no  specific  attack  model  was  addressed.  Further,  transitivity,  asymmetry, 
and  subjectivity  characteristics  of  trust  concept  were  not  specifically  explained  in  building  their  trust 
model. 

4  Towards  Trust-based  Cognitive  MANETs 

In  this  section,  we  discuss  a  trust  management  scheme  based  on  the  concept  of  social  and  cognitive 
networks.  In  addition,  we  list  several  issues  and  questions  that  developers  of  MANET  trust  management 
schemes  should  keep  in  mind. 

MANETs  pose  challenges  in  designing  network  security  protocols  due  to  their  unique  characteristics  (e.g., 
resource  constraints,  vulnerability,  unreliable  transmission  medium,  and  dynamics).  Military  MANETs 
must  operate  in  hostile  environments,  deal  with  compromised  nodes,  support  prioritized  QoS 
performance,  be  able  to  participate  in  coalition  operations  without  predefined  trust  relationships,  and 
facilitate  reconfigurability  [36].  Thus,  additional  caution  is  required  in  designing  security  protocols  for 
mission-driven  group  communication  systems  (GCSs)  in  military  MANETs 

We  are  particularly  interested  in  evaluating  the  trust  level  of  such  a  GCS  by  evaluating  the  trust  value  of 
a  node  in  terms  of  its  mission  execution  competence  and  sociability  when  a  particular  mission,  X,  is 
assigned.  For  example,  we  evaluate  each  node  by  asking  "Can  we  trust  this  group  member  (node)  to  do 
mission  X?"  That  is,  our  trust  management  protocol  aims  to  dynamically  reconfigure  the  trust  threshold 
that  determines  the  number  of  nodes  qualified  for  performing  the  mission.  We  take  into  account  the 
level  of  risk  or  difficulty  upon  failure  while  considering  changing  network  conditions  (i.e.,  bandwidth, 
node  density,  communication  rate,  degree  of  hostility)  as  well  as  the  conditions  of  participating  nodes  in 
the  network  (i.e.,  energy,  computational  power,  memory).  As  a  result,  the  resulting  protocols  seek  to 
prolong  the  system  lifetime  by  identifying  optimal  design  settings  such  as  trust  value  threshold  to 
determine  trustable  nodes  to  perform  a  mission,  degree  of  trust  transitivity  chains,  ratio  of  trust 
attributes  (i.e.,  ratio  of  social  trust  versus  QoS  trust,  explained  in  Section  3.3),  conditional  tolerance 
threshold  of  selfish  behaviors,  and  length  of  trust  chains  based  on  efficient  tradeoffs  made  between 
security  and  performance  properties. 

Unlike  existing  work  on  trust  management  in  MANETs,  our  research  proposes  to  embed  intelligence  in 
each  node  with  cognitive  functionality,  adopting  recent  ideas  about  cognitive  networks  in  wireless 
networks  [41].  Thomas  et  al.  [41]  define  a  cognitive  network  first  as  having  a  cognitive  process  that  is 
capable  of  perceiving  current  network  conditions  and  then  planning,  deciding,  and  acting  on  those 
conditions.  Cognitive  networks  are  able  to  reconfigure  the  network  infrastructure  based  on  past 
experiences  by  adapting  to  continuously  changing  network  behaviors  to  improve  scalability  (e.g., 
reducing  complexity),  survivability  (e.g.,  increasing  reliability),  and  QoS  level  (e.g.,  facilitating 
cooperation  among  nodes)  as  a  forward  looking  mechanism  [41].  Cognitive  networks  are  also  often 
based  on  cross-layer  design  where  they  share  internal  information  between  layers  rather  than  adhering 
to  the  traditional  strict  layered  architecture  [41]..  We  propose  to  use  this  concept  of  cognitive  networks 
with  cross-layer  design  for  GCS  operations  in  a  MANET  to  introduce  cognitive  intelligence  into  each  node 


to  adapt  to  changing  network  behaviors,  such  as  attacker  behaviors,  degree  of  hostility,  node 
disconnection  due  to  physical  environment  such  as  terrain,  energy  exhaustion  on  a  node,  or  voluntary 
disconnection  for  energy  savings.  We  also  use  social  relationships  in  evaluating  the  trust  metric  among 
group  members  by  employing  the  concept  of  social  networks.  Yu  et  al.  [44]  define  a  social  network  as  a 
social  structure  of  individuals  who  may  be  related  directly  or  indirectly  to  each  other  in  order  to  pursue 
common  interests.  Yu  et  al.  [44]  used  social  networks  to  evaluate  the  overall  trust  value  of  a  node. 
However,  we  use  social  networks  to  evaluate  the  social  trust  value  of  a  node  only  in  terms  of  the  degree 
of  personal  or  social  trends,  rather  than  the  capability  of  executing  a  mission  based  on  past  collaborative 
interactions.  We  assume  that  a  node's  capability  of  completing  a  highly  risky  mission  will  be  related  to 
the  node's  QoS  trust  value  as  evaluated  by  information  networks  based  on  information  sharing. 

Developers  of  MANET  trust  management  schemes  should  keep  the  following  questions  in  mind: 

•  Does  the  trust  metric  used  reflect  the  unique  properties  of  trust  in  MANETs?  (e.g.,  not 
necessarily  perfect  transitivity,  asymmetry,  subjectivity,  non-binary  value,  decaying  over  time 
and  increasing  trust  chain,  dynamicity,  context-dependency) 

•  What  constituents  does  the  trust  metric  have?  Do  the  constituents  change  according  to  tasks 
given  (e.g.,  high  risk  upon  task  failure),  changing  network  environments  (e.g.,  lack  of  bandwidth, 
hostile  environment  as  attackers'  strength  increases,  high  communication  load),  or  participating 
nodes'  conditions  (e.g.,  low  energy,  compromised  status)? 

•  How  does  the  trust  metric  contribute  to  improving  scalability,  reconfigurability,  and  reliability  of 
the  proposed  network? 

•  Does  the  proposed  network  design  achieve  adaptability  (i.e.,  learning  based  on  the  cognitive 
functionality  of  a  node)  to  changing  network  conditions  and  environments  of  MANETs? 

•  Does  the  proposed  trust  metric  provide  adequate  tradeoffs  (e.g.,  altruism  versus  selfishness, 
trust  level  (or  security)  versus  reliability,  availability,  or  survivability,  security  versus 
performance) 

•  Does  the  proposed  network  design  identify  optimal  settings  under  various  network  and 
environmental  conditions? 

5  Discussion 

The  goal  of  this  paper  was  to  provide  MANET  network  protocol  designers  with  multiple  perspectives  on 
the  concept  of  trust,  an  understanding  of  the  properties  that  should  be  considered  in  developing  a  trust 
metric,  and  insights  on  how  a  trust  metric  can  be  customized  to  meet  the  requirements  and  goals  of  the 
targeted  system.  By  introducing  the  concept  of  social  and  cognitive  networks,  we  suggested  future 
research  directions  to  develop  trust  management  schemes  with  desirable  attributes  such  as  adaptation 
to  environmental  dynamics,  scalability,  reliability,  and  reconfigurability. 

Trust  is  a  multidimensional,  complex,  and  context-dependent  concept.  Although,  trust-based  decision 
making  is  in  our  everyday  life,  trust  establishment  and  management  in  MANETs  faces  challenges  from 
the  severe  resource  constraints,  the  open  nature  of  the  wireless  medium,  the  complex  dependence 
between  the  communications  network,  the  social  network,  and  the  application  network,  and  hence  the 
complex  dependency  of  any  trust  metric  to  features,  parameters,  and  interactions  within  and  amongst 
these  networks. 
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Appendix  A:  The  Survey  on  Existing  Trust  Management  in  MANETs  based  on  Applicability. 
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No  experimental  results 
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nodes 


-Packet  loss 
-Packet  forwarded 
-Throughput 
-Overhead 
-Latency 
-Path  optimality 
-Detection  probability 
-Trust  level 
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-Entropy-based  trust  model 
-Probability-based  trust 
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1  Utility  metric  refers  to  the  ratio  of  how  many  of  the  transmission  of  a  node  are  originated  or  received  by  the  node  itself  versus 
how  many  are  just  forwarded  as  an  intermediate  node  on  behalf  of  other  nodes  [7].  That  is,  this  metric  can  be  represented  as 
A/(A+B)  where  A  is  the  number  of  packets  transmitted  for  a  node  itself  and  B  is  the  number  of  packets  transmitted  for  others. 
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Weimerskirch  et  al.  (2001) 
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No  experimental  results 
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Pirzada  and  McDonald 
(2004)  [34] 
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No  experimental  results 
shown 

Ghosh  et  al.  (2005)  [14] 

-Direct  observation 

-Recommendation 

-False  certificate 

-Rate  for  successfully 
detecting  false  certificates 

INTRUSION  DETECTION 

Albers  et  al.{ 2002)  [4] 

-Direct  observation  for 
anomaly  detection  or 
misuse  detection 

-General  misbehaving 
nodes 

No  experimental  results 
shown 

Ahmed  et  al.  (2006)  [3] 

-Direct  observation 

-Black  hole 
-Packet  dropping 
-Malicious  flooding 
-Routing  loop 

-Overhead 

-False  alarm  rate 

ACCESS  CONTROL 

Luo  et  al.  (2004)  [28] 

-Direct  observation 

-General  misbehaving 
nodes 

-Overhead 

-Delay  and  number  of  retries 
before  ticket  is  received 

Adams  and  Davis  (2005)  [2] 

-Direct  observation 
-Reputation 

-General  misbehaving 
nodes 

-No  specific  attacks 
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No  experimental  results 
shown 

Yunfang  (2007)  [45] 

-Direct  observation 
-Reputation 
-Policy  proof 

-General  misbehaving 
nodes 

-No  specific  attacks 
addressed 

No  experimental  results 
shown 

OTHERS 

Jiang  and  Baras  (2004)  [20] 

-Direct  observation 

-General  misbehaving 
nodes 
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certificate 

Theodorakopoulos  and 

-Direct  observation 
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Baras  (2006)  [40] 
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Boukerche  and  Ren  (2008)  -Direct  observation 
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-Query  overhead 
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-Percentage  of  packets 
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-Extension  of  Marsh's  trust 
model  [29] 

-Extension  of  PGP 


-Local  Intrusion  Detection 
System  (LIDS) 

-Leverage  IDS  to  evaluate 
trust  level  of  other  nodes 


-Localized  group  trust 
model  based  on  threshold 
cryptography 
-Bayesian  Model  for  risk 
assessment 
-Trust  is  not  transitive 
-Trust  is  a  continuous  value 
-Trust  is  transitive 


-Trust  evidence  distribution 
based  on  a  swarm 
intelligence 

-Trust  evaluation  model 
based  on  Seminrings 
theory 

-Trust  is  transitive 
-Trust  and  confidence  value 
is  binary 

-Group-based  trust  model 
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"nmnn"  *  Background 


•  Design  Challenges  in  Mobile  Ad  Hoc  Networks: 

-  Resource  constraints 

S  energy,  bandwidth,  memory,  computational  power 

-  High  security  vulnerability 

s  open  medium  derived  from  inherent  nature  of  wireless  networks 

s  dynamically  changing  network  topology  due  to  node  mobility  or 
failure,  RF  channel  conditions 

S  decentralized  decision  making  and  cooperation  (no  centralized 
authority) 

s  no  clear  line  of  defense 

•  Trust:  the  degree  of  subjective  belief  about  the  behaviors  of  a 
particular  entity. 

•  Trust  management:  defined  initially  by  Blaze  et  al.  (1996)  as  a 
separate  component  of  security  services  in  networks. 
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•  Trust  management  is  needed  in  MANETs  with  the  goal  of 
establishing  a  network  with  an  acceptable  level  of  trust 
relationships  among  participating  nodes: 

-  Network  bootstrapping 

-  Coalition  operation  without  predefined  trust 

-  Authentication  for  certificates  generated  by  the  other  party  when 
links  are  down 

-  Ensuring  safety  when  entering  in  a  new  zone 

•  Diverse  applicability  as  a  decision  making  mechanism  for 

-  Intrusion  detection 

-  Key  management 

-  Access  control 

-  Authentication 

-  Secure  routing 

-  Others 
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•  Merriam  Webster’s  Dictionary:  trust  is  defined  as  “assured  reliance  on 
the  character,  ability,  strength,  or  truth  of  someone  or  something.” 

•  Trust  in  Sociology 

-  Subjectivity,  an  indicator  for  future  action,  and  dynamicity  based  on  continuous 
interactions  between  two  entities. 

-  A  continuous  term  and  risking  betrayal  in  building  trust. 

•  Trust  in  Economics 

-  An  expectation  that  applies  to  situations  in  which  trustors  take  risky  actions  under 
uncertainty  or  information  incompleteness. 

-  Based  on  the  assumption  that  humans  are  rational  and  strict  utility  maximizers  of  their 
own  interest  or  having  incentives  to  themselves. 

•  Trust  in  Philosophy 

-  Important  but  dangerous 

-  Moral  relationships:  depending  on  the  nature  of  personal  relationships  between  a  trustor 
and  a  trustee,  trustful  actions  or  betrayal  can  be  taken. 

•  Trust  in  Psychology 

-  Cognitive  process  that  human  beings  learn  trust  from  their  experiences,  e.g.,  relationship 
between  mother  and  the  child 
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•  Trust  in  Organizational  Management 

-  The  willingness  to  take  a  risk  or  willingness  to  be 
vulnerable  in  the  relationship  in  terms  of  ability, 
integrity,  and  benevolence 

•  Trust  in  Autonomic  Computing 

-  The  attitude  that  an  agent  will  help  accomplish 
an  individual’s  goals  in  a  situation  with 
uncertainty  and  vulnerability 

-  Automation  reliability  as  the  level  of  trust 

•  Trust  in  Communications  &  Networking 

-  A  set  of  relations  among  entities  participating  in 
a  protocol  based  on  the  evidences  generated  by 
the  previous  interactions  of  entities 

-  Trust  accumulate  among  entities  as  their 
interactional  have  been  faithful  to  run  the 
protocol 

-  Context-aware  trust 

•  Trust  is  a  well-defined  descriptor  of 
security  and  encryption  as  a  metric  to 
reflect  security  goals  [Goibeck,  2006] 
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•  Trustworthiness:  objective  trust 
probability  of  trust  level,  actual  trust 

•  Trust:  subjective  trust  probability  of 
trust  level,  believed/measured  trust 

•  Risk  estimation  is  closely  linked  with 
measuring  accurate  trust  relations 

•  Real  trust  may  not  be  applied  in  real 
situations 

-  Context  independent  reliability  trust 

-  Context  dependent  decision  trust 


0.5  Trust  i 


Trust  Level  [Solhaug  et  al.,  2007] 
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Trust  vs.  Risk 

[Solhaug  et  al.  2006, 
Josang  &  LoPresti,  2004] 


•  In  general,  if  trust  is  high,  the  risk  is 
low,  and  vice  versa. 

•  However,  notice  that  even  high  risk 
exists  when  trust  is  high,  trust  =  1 . 

•  Opportunity  and  prospects  (positive 
consequence)  are  important. 

•  Trust  should  be  measured  considering 
acceptable  risk  level  in  terms  of 
prospects. 

Trust  is  generally  neither  proportional 
nor  inversely  proportional  to  risk. 
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•  Dynamic,  not  static 

-  Trust  in  MANETs  should  be  established 
based  on  local,  short-lived,  fast 
changing  over  time,  online  only  and 
incomplete  information  available  due  to 
node  mobility  or  failure,  RF  channel 
conditions 

-  Expressed  as  a  continuous  value 
ranging  from  positive  and  negative 
degree 

•  Subjective 

-  Different  experiences  derived  from 
dynamically  changing  network  topology 

•  Not  necessarily  transitive 

•  Asymmetric,  not  necessarily  reciprocal 

-  Heterogeneous  network 

•  Context-dependent 


Trust  properties  in  existing  trust 
management  in  MANETs. 
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•  Reputation-based  framework  vs.  Trust  Establishment  Framework 

[Li  et  al.,  2008] 

•  Policy-based  trust  management  vs.  Reputation-based  Trust 
Management  [Yonfang,  2007] 

•  Evidence-based  trust  management:  anything  that  proves  the  trust 
relationships  among  nodes  including  public  key,  address,  identity,  or 
any  evidence  that  any  node  can  generate  for  itself  or  other  nodes 
through  the  challenge/response  process  [Li  &  Singhal,  2007] 

•  Monitoring-based  trust  management:  direct  and  indirect 
observations  [Li  &  Singhal,  2007] 

•  Trust  Establishment  Frameworks  [Aivaloglou  et  al.,  2006]: 

-  Certificate-based  framework:  using  certificates 

-  Behavior-based  framework:  ensured  by  preloaded  authentication 
mechanism 

•  Architectures  [Aivaloglou  et  al.,  2006]: 

-  Hierarchical  framework:  centralized  systems 

-  Distributed  framework:  distributed  systems  such  as  MANETs 
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•  By  the  nature  of  attack  and  the 
types  of  attackers  [Liu  et  al.,  2004] 

-  Passive  Attacks:  when  an 
unauthorized  party  gains  access  to  an 
asset  but  does  not  modify  its  content, 
(e.g.,  eavesdropping  or  traffic  analysis) 

-  Active  Attacks  :  masquerading 
(impersonation  attack),  replay 
(retransmitting  messages),  message 
modification,  DoS  (e.g.,  excessive 
energy  consumption) 

•  By  the  legitimacy  of  attackers  [Liu 

et  al.,  2004] 

-  Insider  attacks:  authorized  member 

-  Outsider  attacks:  illegal  user 

•  Existing  work  mostly  considered 
network  layer  attacks 


Attacks  considered  in  existing  trust  management 

in  MANETs. 
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Metrics 


rtnFrmvTjk  Metrics  for  Trust  Management 
^  in  MANETs 
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•  Trust  management  schemes  has 
been  evaluated  by  general 
performance  metrics,  e.g., 
throughput,  goodput,  overhead, 
delay,  utility,  packet  dropping  rate, 
etc. 

•  Detection  accuracy  is  most 
popularly  used  as  a  performance 
metric. 

•  Recently  trust  metric  (e.g.,  trust 
level)  has  been  used  to  evaluate 
the  proposed  trust  management 
schemes. 


Metrics  used  for  evaluating  existing  trust 
management  in  MANETs. 
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rdegomjp  Composite  Trust  Metric 


in 

-  / 

* 

Quality-of-Service  (QoS)  Trust 

•  Information  on  competence, 
dependability,  reliability,  successful 
experience,  and  reputation  or 
recommendation  representing 
“task”  performance 

•  Examples  are  the  node’s  energy 
lifetime  or  computational  power 
level,  completing  packet  delivery, 
or  evaluations  using  reputation  or 
recommendation 


Social  Trust 

•  Use  of  the  concept  of  social 
network  [Yu  et  al.,  2008]  based  on 
common  interests 

•  Friendship,  honesty,  privacy,  and 
social  reputation  or 
recommendation  derived  from 
direct  or  indirect  interactions  for 
“sociable”  purpose. 
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Year 


RnFcaniTb  Existing  Trust  Management  in 

MANETs  based  on  Applicability 


in 

r-  / 

i 

%I 

2008 

2007 

2006 

2005 

2004 

2003 

2002 

2001 

2000 


Number  of  works 


■  Secure  routing 
Authentication 

■  Intrusion  detection 
Access  control 

■  Key  Management 

■  Trust  evaluation 

■  Trust  evidence  distribution 

■  Trust  computation 

■  General  trust  level  identification 


Historical  summary  of  existing  trust  management  schemes  in  MANETs  by  applicability. 
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FtnFnnnn  j*  Existing  Trust  Management  in 

MANETs 


V 


Secure  Routing 

•  Isolate  misbehaving  nodes,  either 
selfish  or  malicious,  encourage 
collaboration 

•  Reputation-based  trust 
management 

•  Extension  of  the  existing  routing 
protocols  (e.g.,  DSR,  AODV)  using 
trust  concept 

•  Incentive  mechanism 

•  Redemption  mechanism 

•  Direct  and  indirect  observations 

•  Various  trust  models  introduced: 

-  Bayesian  model 

-  Entropy-based  model 

-  Probability  model 

-  Effort-return-based  model 


Authentication 

•  Direct  (certificate,  observations) 
plus  second  hand  information  (e.g., 
recommendation) 

•  Extension  of  the  existing  routing 
protocols  (e.g.,  DSR,  ZRP) 

•  Weighted  transitivity 

•  Trust  models 

-  Marsh’s  trust  model 

-  Pretty  good  privacy 


Key  Management 

•  Trust-based  hierarchies  for  key 
management 

-  Physical  logical  trust  domains 

-  Hierarchical  trust  PKI 

•  Distributed  key  management 
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rtnrmn/r  *  Existing  Trust  Management  in 

MANETs  (Cent.) 


V 


Intrusion  Detection 

•  Trust  can  be  a  basis  for 
intrusion  detection-  Local  IDS 

•  IDS  provides  audit  and 
monitoring  capabilities  that  offer 
the  local  security  to  a  node  and 
help  perceive  the  specific  trust 
level  of  other  nodes. 

•  Evaluating  trust  and  identifying 
intrusions  may  not  be  a 
separable  process  with  the 
same  goal  to  build  collaborative 
network  environments 


Access  Control 

•  Whether  or  not  access  to 
certain  resources  or  rights  is 
allowed  in  MANETs 

-  Trust-based  admission  control 

-  A  localized  group  trust  model 
based  on  threshold 
cryptography 


Others 

•  Trust  evaluation 

•  Trust  evidence  distribution  (directed 
graph,  swarm  intelligence) 

•  Trust  computation  (random  graph 
theory) 
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RDFCOM 


Future  Research  Directions: 
Trust-based  Cognitive  Networks 


V 


Propose  a  set  of  reliable,  reconfigurable,  and  scalable  trust 
management  protocols  for  mission-driven  group 
communication  systems  (GCSs)  in  MANETs  for  military 
situations. 

•  Design  challenges  in  military  tactical  MANETs  in  addition  to  challenges 
in  MANETs 

•  Use  of  cognitive  networks  [Thomas  et  al.,  2005]:  having  a  cognitive 
process  that  is  capable  of  perceiving  current  network  conditions  and 
then  planning,  deciding,  and  acting  on  those  conditions. 

•  We  propose  to  use  this  concept  of  cognitive  networks  in  a  MANET  to 
introduce  cognitive  intelligence  into  each  node  to  adapt  to  changing 
network  behaviors,  such  as  attacker  behaviors,  degree  of  hostility, 
node  disconnection  due  to  physical  environment  such  as  terrain, 
energy  exhaustion  on  a  node,  or  voluntary  disconnection  for  energy 
savings. 
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Trust  Metric 

•  The  overall  trust  consists  of  two 
components: 

-  QoS  trust:  energy  level  + 
unselfishness  (w.r.t.  collaboration) 

-  Social  trust:  intimacy  (w.r.t. 
friendliness)  +  healthiness  (w.r.t. 
honesty) 

•  Trust  decays  as  length  of  a  trust 
chain  grows 

•  T rust  decays  over  time  as  frequency 
of  interactions  decreases  (location 
prob.) 

•  Trust  is  calculated  based  on  direct 
observations  plus  recommendations 
from  others 

•  Trust  values  are  normalized  to  lie  in 
the  range  [-2,2] 


Energy  Model 

•  Energy  level  of  each  node  is 
adjusted  based  on  its  status  such  as: 

-  Selfish  or  not 

-  Member  or  not 

-  Compromised  or  not 

•  Considered  energy  consumption  for 
transmission  and  receiving  packets 


Attack  Model 

•  Prevent  outside  attackers  using 
intrusion  prevention  techniques  (e.g., 
authentication  or  encryption) 

•  Alleviate  inside  attackers  using  IDS 

•  Attacks  performed:  fake  information 
dissemination 

•  Use  a  distributed  rekeying  operation 
as  a  reaction  mechanism  of  IDS 
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ROECOM%  Case  Study:  Modeling  and  Analysis  of 

Trust  Management  in  MANETs  (Cont.) 
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Location  SPN  Subnet. 


T  ENERGY  T  JOIN  T  LEAVE 


Node  SPN  Subnet. 


Average  trust  level  versus  the  length  of  the  trust 
chain  at  particular  time  points-all  nodes'  evaluation. 


Tim^sec) 
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Case  Study:  Modeling  and  Analysis  of 
Trust  Management  in  MANETs  (Cont.) 


in 
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(«  If*  Irttarm  alien:  GShttfi- inform  aSiert) 


Average  maximum  trust  level  over  time  with 
respect  to  the  various  ratio  of  self-information  and 
others-information  ( #  1:  fi  2)-all  nodes'  evaluation. 


•  High  reliance  on  self-information  for 
evaluating  trust  on  a  node  may 
overestimate  trust  level  compared  to  the 
predicted  objective  trust,  introducing  risk 
(e.g.,  a  chance  of  deceit). 

•  Mission  completion  with  high  mission 
success  probability  (as  a  reliability  metric) 
can  be  achieved  by  varying  the  length  of 
a  trust  chain  over  time. 


TC=1  TC  =  3  — *-TC  =  3 

■ — “ TC  =  4  — f-TC-5  — TC  =  6 


ipmissionfprobj 
trustvalua  [-2. 2] 
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2 


Mission  success  probability  based  on  a  required  trust  level. 
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^Issues  for  Future  Trust  Management 
in  MANETs 


n 

% 

r~ 

In 

•  Does  the  trust  metric  used  reflect  the  unique  properties  of  trust 
in  MANETs  ? 

•  What  constituents  does  the  trust  metric  have?  Do  the 
constituents  change  according  to  tasks  given,  changing  network 
environments,  or  participating  nodes’  conditions? 

•  How  does  the  trust  metric  contribute  to  improving  scalability, 
reconfigurability,  and  reliability  of  the  proposed  network? 

•  Does  the  proposed  network  design  achieve  adaptability  to 
changing  network  conditions  and  MANETs  environments? 

•  Does  the  proposed  trust  metric  provide  adequate  tradeoffs  ? 

•  Does  the  proposed  network  design  identify  optimal  settings 
under  various  network  and  environmental  conditions? 
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RDECOM 


Questions? 


Contact  us  at: 

Jin-Hee  Cho  (jinhee.cho@us.armv.mil),  Army  Research  Laboratory 
Ananthram  Swami  (aswami@arl.armv.mil) ,  Army  Research  Laboratory 
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